Proactivation Methods and Apparatus for Password-Hardening Systems

1. A method comprising: storing in a first server a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; storing in a second server at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password; and proactively updating the sets of passwords and the valid password indication information in each of a plurality of epochs; wherein the valid password indication information for a given one of the sets comprises an index value denoting an index of the valid password for the given set; wherein the index value is stored as a shared secret across the first and second servers, such that neither the first server nor the second server stores the entire index value; wherein the first server stores a first value and the second server stores a second value, and the index value for the given set is a function of the first and second values; wherein the index value is utilized to determine whether a password received from a user attempting to access a protected resource is the valid password; and wherein the storing in the first server, storing in the second server and the proactively updating are performed by at least one processing device.

2. The method of claim 1 further comprising the steps of: determining in the first server if the received password is in the set of passwords stored for the user; if the received password is in the set of passwords stored for the user, determining in the second server if the received password is the valid password or one of the chaff passwords; if the received password is the valid password, granting access to the protected resource; and if the received password is one of the chaff passwords, denying access to the protected resource and taking an appropriate remedial action in accordance with a specified policy.

3. The method of claim 1 wherein the epochs are configured so as to provide one of: epoch lengths that are the same for all of the users but vary over time; and epoch lengths that are different for different ones of the users.

5. The method of claim 4 wherein proactively updating the sets of passwords and the valid password indication information comprises randomizing index j for user u i in one or more of the epochs.

6. The method of claim 5 wherein randomizing index j for user u i comprises: setting c(i) to a randomly selected value of k; assigning w i,c(i) to the password p i ; and randomly permuting the chaff passwords in the set W i .

7. The method of claim 4 wherein index values c(i) for respective ones of the users are stored as a shared secret across the first and second servers.

8. The method of claim 7 wherein the index values c(i) for respective ones for the users remain constant over at least a subset of the epochs.

9. The method of claim 7 wherein for a given received password having index j in the corresponding set W i of passwords, the first and second servers collaborate with one another to determine jointly that j=c(i).

10. The method of claim 7 wherein in epoch t, for user u i , the first value comprises a value A i (t) and the second value comprises a value B i (t) , and the index value c(i) is a function of the values A i (t) and B i (t) .

12. The method of claim 10 further comprising: determining in the first server an index j of the received password; sending j′=((j−1)−A i (t) ) mod k from the first server to the second server; verifying in the second server that (j′−B i (t) ) mod k=0; and granting or denying access to the protected resource based on a result of the verifying.

13. The method of claim 10 wherein the proactively updating comprises: selecting in the first server; selecting in the second server; sending from the first server to the second server a cryptographic commitment C on X i (t) ; sending Y i (t) from the second server to the first server; decommiting X i (t) in the first server for the second server; setting A i (t) ←(A i (t-1) +X i (t) +Y i (t) )mod k in the first server; and setting B i (t) ←(B i (t-1) −X i (t) −Y i (t) )mod k in the second server.

14. The method of claim 10 wherein the proactively updating comprises: receiving in the first and second servers a random value Z i (t) ε R Z k selected by a trusted third party; setting A i (t) ←(A i (t-1) +Z i (t) )mod k in the first server; and setting B i (t) ←(B i (t-1) −Z i (t) )mod k in the second server.

15. The method of claim 10 wherein the proactively updating comprises: receiving in the second server a random value Z i (t) ε R Z k selected by the first server; setting A i (t) ←(A i (t-1) +Z i (t) )mod k in the first server; and setting B i (t) ←(B i (t-1) −Z i (t) )mod k in the second server.

16. The method of claim 7 wherein the proactively updating comprises the first and second servers collaborating with one another to randomize the index values c(i) for respective ones of the users in one or more epochs without either server individually learning the index values c(i) for respective ones of the users.

17. An article of manufacture comprising at least one non-transitory processor-readable storage medium having embodied therein one or more software programs, wherein the one or more software programs when executed by at least one processing device cause said at least one processing device: to store in a first server a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; to store in a second server at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password; and to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs; wherein the valid password indication information for a given one of the sets comprises an index value denoting an index of the valid password for the given set; wherein the index value is stored as a shared secret across the first and second servers, such that neither the first server nor the second server stores the entire index value; wherein the first server stores a first value and the second server stores a second value, and the index value for the given set is a function of the first and second values; and wherein the index value is utilized to determine whether a password received from a user attempting to access a protected resource is the valid password.

18. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; wherein said at least one processing device comprises: a first server configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; and a second server configured to store at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password; wherein the first and second servers are configured to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs; wherein the valid password indication information for a given one of the sets comprises an index value denoting an index of the valid password for the given set; wherein the index value is stored as a shared secret across the first and second servers, such that neither the first server nor the second server stores the entire index value; wherein the first server stores a first value and the second server stores a second value, and the index value for the given set is a function of the first and second values; and wherein the index value is utilized to determine whether a password received from a user attempting to access a protected resource is the valid password.

19. The apparatus of claim 18 wherein the first and second servers are implemented on respective distinct ones of a plurality of processing devices.

20. The apparatus of claim 18 wherein: the first server is configured to receive the password from the user attempting to access the protected resource, and to determine if the received password is in the set of passwords stored for the user; if the received password is in the set of passwords stored for the user, the second server is configured to determine if the received password is the valid password or one of the chaff passwords; if the received password is the valid password, access to the protected resource is granted; and if the received password is one of the chaff passwords, access to the protected resource is denied and an appropriate remedial action in accordance with a specified policy is taken.